Solved

Citrix Receiver Pass Through Not Working

Posted on 2013-10-31
5
6,726 Views
Last Modified: 2013-11-05
Hi There,

I have an installation of StoreFront 2.1 setup and the legacy support setup (so as to use the webservice type option) All security is setup i.e. pass through.
(Setup on a windows 2008 r2 box 64bit)

I have setup the domain policy as recomeneded for Citrix Pass through.

I have installed Citrix Receiver Enterprise 3.3 on a workstation (file version shows as 13.3.0.55).

The installation has been done as I would have if using webinterface and that is to do this:-
CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL="ReceiverInside,ICA_Client,SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d" SERVER_LOCATION="http://"My storefront server"/Citrix/VisiCAD/PNAgent/config.xml" ENABLE_SSON="Yes"

OK so with this done and a restart the citrix receiver is installed and when i go into the about settings i can see Pass through is set correct. Also the icons of the app appear on the desktop so all looks great BUT I then double click the app and get the following message:
Citrix Receiver
The credentials supplied were invalid. Please try again.

Just to reconfirm I have done the recomended settings on the store front for pass through i.e. config as follows:
<LogonMethod>sson</LogonMethod>
<EnableKerberos>false</EnableKerberos>

and as mentioned above the Policy setting for Citrix and just to confirm the user logging on has full access to the application (I can test this by changing the setings to prompt for a user entry and the app will load if I key in the same log in details!!!!)

I can also confirm that IIS 7.5 has the authentication settings enabled.

For info on this machine where the receiver is installed if i change that to use a webinterface installation (Pre storefront) it works with no errors.

Hope someone can help please :)

Big thanks,

Steve
0
Comment
Question by:objectivity
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Daniel Borger
Comment Utility
It's been a while since I saw this issue but I had these links saved as a resolution.

http://support.citrix.com/article/CTX133901
http://support.citrix.com/article/CTX133855
http://retrodesign.no/technet/2013/03/09/storefront-domain-pass-through-authentication-not-working/

I was on a project and ended up using the default website in Xendesktop to get the icons to work at first.
0
 

Author Comment

by:objectivity
Comment Utility
Hi Thanks for the reply.

I can say I have tried/checked these links for info they mention storefront 1.1 and we are using 2.1 and I know there have been some changes in the version.

We are using kerberos settings and configured as per recomendations. With this I get the icons on the screen and the pass-through in the receiver but when you double click the icons you get the error.

For info if i do the same settings with webinterface there are no problems!!!!!!

I have also configured all the IIS settings for pass-though too.

Oh and the storefront shows the correct name to match the server name. i.e. when i run
setspn –L <hostname of Storefront server>

This has turned into a frustrating one.

Big thanks,

Steve
Receiver-Settings.PNG
0
 
LVL 12

Expert Comment

by:Daniel Borger
Comment Utility
I doubled back to the customer I worked with and it seems we ended up using web interface with for just the PNagent on the xendesktops. I had a case open with Citrix and was not getting anywhere.
0
 

Accepted Solution

by:
objectivity earned 0 total points
Comment Utility
Hi There cant beleive it fixed the issue.

I enabled storefront tracing and found there is an extra config you have to chage. Unfortunately there is no gui anymore for services so you just have to do it all yourself :)

So basically you do this and it works; thats it!!!!!!
C:\inetpub\wwwroot\Citrix\[storefront name]\web.config

Set the logonMethod to sson
 
    <pnaProtocolResources changePasswordAllowed="Never" logonMethod="sson" kerberosEnabled="false" changePasswordMethod="Proxy" changePasswordUrl="">


This is on top of all the other stuff you have to do manual as well.

Thanks for your input anyway

Cheers,

Steve
0
 

Author Closing Comment

by:objectivity
Comment Utility
This solution makes the reciver to storefront 2.1 pass-through authentication work.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now